11 February 2015

HipChat and a good result of suspicious activity ...

Around one week ago, there was a blog entry about HipChat on the Atlassian Blog.
"Atlassian’s security team has discovered and blocked suspicious activity on the HipChat service that resulted in unauthorized access to names, usernames, email addresses, and encrypted passwords for a very small percentage (<2%) of our users. We have no evidence that any payment information was accessed. While HipChat passwords are one-way encrypted (hashed and salted), as an added precaution we have triggered a password reset for all affected HipChat user accounts and all Atlassian services that share the same email address"

It's good to see that the password implementation has been done correctly. However, it is shocking to me that many companies still have a big problem with that.
You may think that it is not an exciting reason to write a post about it.
Yes, you are correct.
Something interesting happened as a result of this event. Atlassian folks changed the priority of 'Support two-factor authentication' from minor to Critical!

Check it if you don't believe it: https://bitbucket.org/site/master/issue/5811/support-two-factor-authentication-bb-7016

I hope Atlassian will implement security features with high priority as part of their normal releases to avoid potential problems, rather than implementing a feature as a result of suspicious activity.

It is very scary that many companies still do not treat security features as critical business value. Security should be part of their normal development and operation process, not a reaction to 'shit happens'.

Source: https://blog.hipchat.com/2015/02/01/hipchat-security-notice-and-password-reset/